I currently have a Google NPM Registry using Artifact Registry. I would like to make certain modules public and others private. Is there a way to do this? Is there like a "public" Service account or something?
Based on the official documentation on Configuring public access to a repository:
If you have artifacts that you want to make available to anyone on the internet without authentication, store them in a repository that you make public.
To configure a repository for public read-only access, grant the Artifact Registry Reader role to the member allUsers.
gcloud:
gcloud artifacts repositories add-iam-policy-binding REPOSITORY \
--location=LOCATION --member=allUsers --role=ROLE
Console:
1. Open the Repositories page in the Cloud Console.
2. Select the appropriate repository.
3. On the Permissions tab, click Add Member.
4. In New members field, enter `allUsers`.
5. Select the role Artifact Registry Reader.
6. Set a per-user limit on Artifact Registry API requests to prevent misuse by unauthenticated users.
For more information, see this article on configuring access control in Artifact Registry.
Related
In Azure devops is it possible to grant access (read-only) to a repo in a project without the user having access to the project containing the repo?
We want to use the repo basically as a file share with clients that shouldn't be able to see all our code/scripts/pipelines etc that exist in the parent project and other repos.
As stakeholder access on the project and Reader rights on the repo they had too much access to the project. Removing them from the project and creating a new group with limited repo rights they got to a forbidden, access denied screen which makes me think they have to have access to the project.
My testing is limited because of corporate environment I am unable to create additional users/emails and don't want to have to keep asking co-workers to test every change I could try.
Azure DevOps is designed to enable all valid users to view all objects defined in the system. You can restrict access to specific resources by setting the permission state to Deny.
So not quite sure if this specific requirement is achievable. The closest you could probably get to is this: Assign read-only rights to a single repository in Azure DevOps.
Here is a very similar idea on Developer Community from 2019: Restrict access to dev ops functionality for a guest user. One more resolved post: Restrict access to specific objects in DevOps.
If you think this implementing this suggestion can benefit others in the Community as well, do request it as a new feature on Developer Community for Azure DevOps.
Also go through the elaborate documentation available for configuring ADO granular security controls and check if changing individual permission at the project-level helps.
The Git repository with name or identifier sdsdsd does not exist or you do not have permissions for the operation you are attempting.
fatal: repository 'https://dev.azure.com/azdevopsmar22/Version%20Controlling%20with%20Git%20in%20Azure%20Repos/_git/sdsdsd/'
The error implies there is a security restriction on the Repo you are trying to access. Try one of the following:
On windows, use windows credentials to add git#https://<git-username>#dev.azure.com/<azdevopsmar22>. Refer this blog ,
Azure devops check security
Within the AzureDevOps organization, your project, select settings --> Repository --> Select the repo that you have trouble accessing --> security. Check if read permissions are set on the group you belong to.
I want to connect to GitHub using Heroku, and I want to connect to repository, which I don't own, but I have write access to.
But only my repositories are shown, and I can pick only my name!
So the question is:
Is it possible and how to connect to GitHub repository, which I don't own, but have write access to, to Heroku?
Assuming you want to enable automatic deployment, write access is not sufficient:
GitHub repo admin access is required for you to configure automatic GitHub deploys. This is because Heroku has to register a service hook on the GitHub repo, and this action requires admin access. For GitHub organisations, your GitHub account will also need to be a member of the organisation and not an outside collaborator.
So:
Do you have admin-level access to the repository?
Is this repository an organizational repository? If so, are you a member of the organization, or an outside collaborator?
I'm trying to deploy a shiny app to the shinyapps.io server, but keep getting an error relating to a custom-built package that is hosted in a private github repo owned by our organization (note that I have replaced the actual name of the package, company name, and private repo name in the error below):
error: Building package: [PACKAGE NAME]
################################ Begin Task Log
################################
################################# End Task Log
#################################
Error: Unhandled Exception: Child Task 530176316 failed: Error building
image: Error fetching [PACKAGE NAME] (1.0.2) source. Error accessing GitHub
repository ORGANIZATION/PRIVATE_REPO. HTTP 404: Not Found
I know the repo link is good, because installing via devtools::install_github("ORGANIZATION/PRIVATE_REPO, auth_token = token works.
I'm an admin for the organization page, and also made sure that token has both repo and admin:org scope.
I've also made sure to tick "Private Repository Access" in my shinyapps.io account page as stated here.
Anyone have any thoughts on what I might be doing wrong??
Thanks!
Create an .Rprofile file in your project folder that you would intend to deploy.
You would need to set that repo options in the .Rprofile. and add your private github link. Something like
# A sample .Rprofile file with two different package repositories.
local({
r <- getOption("repos")
r["CRAN"] <- "https://cran.rstudio.com/"
r["mycompany"] <- "http://rpackages.mycompany.com/"
options(repos = r)
})
This is well explained here. Package management in RStudio Connect.
It is necessary to enable private access to the repo in the shinyapps.io dashboard as shown here
But you also need to give the proper permissions to the organization from github -> settings -> applications
Select shinyapps from the applications list
And then grant access to the specific organization
And you are done!
rsconnect will automatically detect the source of the repo, provided it as installed with the auth_token parameter using devtools::install_github
Just in case, I found the above answer to allow for specific corporate repositories, not installing from a private github repo. For that, this link has this to say:
Go to Account >> Profile, then under github LINK the accounts, and allow private repo access.
I have a github account: https://github.com/remkohdev
and am a member of several github organizations
I have added all organizations to the Bluemix DevOps Third Party applications authorizations.
But I cannot change the default github organization to a different organization when I enable the Toolchain on Bluemix, so that I can create/edit the source code to the repo in a different than default Github organization?
Error:
The integration could not be set up. Check the settings and try again.
Reason: Unable to update the git integration. An error occurred while cloning the git repository. Error details: Unable to read the repository on: https://github.com/eventquarry/server.git. User is not authorized, or repository does not exist.
When you authorized with GitHub you probably did not explicitly grant access to the eventquarry organization.
To fix this, first you need to revoke your token by logging into Github.com, then click settings > Authorized applications > Revoke "IBM Bluemix Toolchains". Now go back to Bluemix, and when you click on the GitHub tool you will see an “Authorize” button. Upon clicking, you will be taken to GitHub, and here you need to click "Grant Access" next to eventquarry (and all orgs you would like to grant access to) before clicking "Authorize application".
Now you should be able to fork/clone/link with the private repositories in the eventquarry organization.
The devops git folks responded with this:
Right now, we don't support the ability to create new organization repositories through the toolchain UI. Any new repos are created under the personal account of the user. It is possible to link to existing organization repos by typing in the repo URL in the field. (Org repos won't show up in the dropdown, but the URL can be entered manually.) Note that the user needs admin privileges on the repo they're linking to in order to have a fully functioning integration though. It's possible to link to a repo without admin privileges, but we can't create a webhook on the repo, so there's no way for us to be notified of commit events. Pipelines will only run manually if the user doesn't have admin privileges on the repo.
Let me know if this is helpful...